A remote user can create a specially crafted PDF file that, when loaded by the target user, will make specially crafted API calls to trigger a flaw in the Windows PDF Library and execute arbitrary code on the target user's system.